Microsoft Windows Graphics Device Interface EMR_HEADER Information Disclosure (CVE-2018-8595)

An information disclosure vulnerability exists in the Graphics Device Interface GDI component of Microsoft Windows. The vulnerability is due to improperly disclosing memory content. Successful exploitation could result in disclosure of information which could be used to further compromise the...

Rockwell Automation RNADiagReceiver Denial Of Service (CVE-2012-0222)

A denial of service vulnerability exists in Rockwell Automation RNADiagReceiver. A remote attacker could exploit this vulnerability by sending a specially crafted packet to the target system...

Rockwell Automation Allen Bradley Micrologix 1400 Series Device Power Cycle Denial of Service (CVE-2017-12088; CVE-2017-12089; CVE-2017-12090; CVE-2017-12092; CVE-2017-12093)

A denial of service vulnerability exists in Rockwell Automation Allen Bradley Micrologix 1400 Series. A remote, unauthenticated attacker can exploit the vulnerability by sending crafted packets to the target system...

Microsoft Word Information Disclosure Vulnerability

Microsoft Office is an office software suite of products developed by the United States Microsoft Microsoft.Word is a word processing software in the Office suite. An information disclosure vulnerability exists in Microsoft Word, which can be exploited by an attacker to read arbitrary files from...

Rockwell Automation Allen Bradley Micrologix 1400 Series Access Control Information Disclosure (CVE-2017-14462)

An Information Disclosure vulnerability exists in Rockwell Automation Allen Bradley Micrologix 1400 Series. A remote, unauthenticated attacker can exploit the vulnerability by sending crafted packets to the target system causing access control and information disclosure...

Apple WebKit Memory Corruption (CVE-2018-4233)

A remote code execution vulnerability exists in Apple WebKit. The vulnerability is due to a memory corruption when handling of objects in javascript JIT. A remote attacker could exploit the vulnerability by enticing the target user to open a specially crafted js webpage. Successful exploitation...

WeChat pc client software suffers from arbitrary code execution vulnerability

WeChat is a free application launched by Tencent to provide instant messaging services for smart terminals. The WeChat pc client software suffers from an arbitrary code execution vulnerability, which can be exploited by an attacker with the help of malware to execute arbitrary code DLL files on t...

Privilege escalation

A UrlfWTPPagePtr KERedirect Use-After-Free Privilege Escalation vulnerability in Trend Micro Antivirus for Mac Consumer 7.0 2017 and above could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on t...

Mosca REDoS Vulnerability

This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacke...

GHSA-WQG7-VRJ7-V82H Mosca REDoS Vulnerability

This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacke...

Design/Logic Flaw

This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacke...

Suspicious Scriptlet Downloader

Many campaigns are known to use Scriptlet downloaders. A remote attacker could convince users to manually trigger their execution. This would allow the malicious code to run and infect the target system...

memcached: UDP server support allows spoofed traffic amplification DoS

It was discovered that the memcached connections using UDP transport protocol can be abused for efficient traffic amplification distributed denial of service DDoS attacks. A remote attacker could send a malicious UDP request using a spoofed source IP address of a target system to memcached, causi...

MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption for Win8+

EternalBlue exploit for Windows 8, Windows 10, and 2012 by sleepya The exploit might FAIL and CRASH a target system depended on what is overwritten The exploit support only x64 target Tested on: - Windows 2012 R2 x64 - Windows 8.1 x64 - Windows 10 Pro Build 10240 x64 - Windows 10 Enterprise...

Suspicious Powershell Downloader

Many campaigns are known to use Powershell downloaders. A remote attacker could convince users to manually trigger their execution. This would allow the malicious code to run and infect the target system...

(Pwn2Own) Microsoft Windows D3DKMTCreateDCFromMemory Memory Corruption Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the creation of ...

IBM InfoSphere Information Server Elevation of Privilege Vulnerability

IBM InfoSphere Information Server is the market-leading data integration platform that includes a range of products that enable you to understand, cleanse, monitor, transform and deliver data and collaborate to bridge the gap between business and IT. An elevation of privilege vulnerability exists...

F5 BIG-IP Information Disclosure Vulnerability (CNVD-2018-15635)

F5 BIG-IP as an access solution provides SSL VPN remote access, security, application acceleration and high availability for remote users. An information disclosure vulnerability exists in F5 BIG-IP due to a flaw in the F5 BIG-IP configuration utility, which can be exploited by an attacker to vie...

Microsoft WMIC Malicious XSL Downloader

A vulnerability exists in Microsoft WMIC interface. Successful exploitation of this vulnerability could allow a remote attacker to run malicious code and infect the target system...

Git ssh URL Processing Command Execution (CVE-2017-1000117)

A command execution vulnerability exists in the Git client. The vulnerability is due to insufficient validation of ssh:// URLs. Successful exploitation will enable the attacker to execute arbitrary commands on the target system...